IN THE CLAIMS: 



1. (Currently Amended) A method for performing layer 2 authentication of a Mobile 
Node supporting Mobile IP in an SSG-based network, comprising: 

obtaining layer 2 information including at least one of a MAC address or a username 
associated with the Mobile Node; 

performing layer 2 authentication of the Mobile Node or receiving a packet indicating 
that layer 2 authentication of the Mobile Node has been performed; 

generating an orphaned host object including the layer 2 information, wherein the 
orphaned host object is generated after layer 2 authentication of the Mobile Node has been 
performed; 

unorphaning the orphaned host object by a network device in the SSG-based network 
when an IP address associated with the layer 2 information is received such that the 
unorphaned host object includes the IP address and the layer 2 information, wherein the IP 
address associated with the layer 2 information is received without performing layer 3 
authentication of the Mobile Node, thereby enabling layer 3 policies to be enforced without 
performing layer 3 authentication of the Mobile Node; and 

providing access to services based upon the IP address of the unorphaned host object. 

2. (Original) The method as recited in claim 1, further comprising: 
obtaining a username associated with the Mobile Node; 

wherein the orphaned host object includes the username associated with the Mobile 
Node. 

3. (Original) The method as recited in claim 1, wherein obtaining layer 2 
information comprises: 

receiving the layer 2 information in an access request packet; 

wherein generating the orphaned host object is performed when an access accept 
packet is received indicating the Mobile Node associated with the layer 2 information has 
been authenticated by a AAA server. 

4. (Original) The method as recited in claim 1, wherein unorphaning the orphaned 
host object comprises: 

receiving a packet including the IP address and the layer 2 information; and 
updating the orphaned host object to include the IP address, thereby generating an 
unorphaned host object. 

5. (Original) The method as recited in claim 4, wherein receiving a packet including 
the IP address and the layer 2 information comprises: 

receiving an ACCT start packet including the IP address and the layer 2 information. 

6. (Original) The method as recited in claim 5, further comprising: 

receiving an ACCT stop packet including the IP address; and 

deleting the unorphaned host object when the ACCT stop packet is received. 

7. (Original) The method as recited in claim 1, further comprising: 
deleting the unorphaned host object. 



8. (Original) The method as recited in claim 7, further comprising: 
receiving an ACCT stop packet including the IP address; 

wherein deleting the unorphaned host object is performed when the ACCT stop 
packet is received. 

9. (Original) The method as recited in claim 4, wherein the packet including the IP 
address and layer 2 information further includes an IP address of a network device from 
which the packet was received, the method further comprising: 

maintaining a mapping between the IP address of the network device and the IP 
address of the Mobile Node such that a mapping of one or more Mobile Nodes supported by 
the network device is maintained. 

10. (Original) The method as recited in claim 9, wherein the packet including the IP 
address and the layer 2 information is an ACCT start packet. 

11. (Original) The method as recited in claim 9, further comprising: 

receiving a packet including the IP address of the network device that indicates that 
the network device is not functioning; and 

deleting an unorphaned host object or orphaning a host object for each of the Mobile 
Nodes supported by the network device. 

12. (Original) The method as recited in claim 11, wherein the packet including the IP 
address of the network device that indicates that the network device is not functioning is an 
ACCT-OFF packet. 



13. (Original) The method as recited in claim 11, wherein the packet including the IP 
address of the network device that indicates that the network device is not functioning is an 
ACCT-ON packet. 

14. (Currently Amended) A computer-readable medium storing thereon computer- 
readable instructions for performing layer 2 authentication of a Mobile Node supporting 
Mobile IP in an SSG-based network, comprising: 

instructions for obtaining layer 2 information including at least one of a MAC address 
or a username associated with the Mobile Node; 

instructions for generating an orphaned host object including the layer 2 information, 
wherein the orphaned host object is generated when layer 2 authentication of the Mobile 
Node has been successfully performed; and 

instructions for unorphaning the orphaned host object when an IP address associated 
with the layer 2 information is received such that the unorphaned host object includes the IP 
address and the layer 2 information, wherein the IP address associated with the layer 2 
information is received without performing layer 3 authentication of the Mobile Node, 
thereby enabling layer 3 policies to be enforced without performing layer 3 authentication of 
the Mobile Node, wherein unorphaning the orphaned host object is performed without 
receiving information from a user via the SSG-based network. 

15. (Currently Amended) An apparatus for performing layer 2 authentication of a Mobile 
Node supporting Mobile IP in an SSG-based network, comprising: 

means for obtaining layer 2 information including at least one of a MAC address or a 
username associated with the Mobile Node; 

means for performing layer 2 authentication of the Mobile Node using at least a 
portion of the layer 2 information or receiving a packet indicating that layer 2 authentication 
of the Mobile Node has been performed; 

means for generating an orphaned host object including the layer 2 information, 
wherein the orphaned host object is generated when layer 2 authentication of the Mobile 
Node has been performed; and 

means for unorphaning the orphaned host object when an IP address associated with 
the layer 2 information is received such that the unorphaned host object includes the IP 
address and the layer 2 information, wherein the IP address associated with the layer 2 
information is received without performing layer 3 authentication of the Mobile Node, 
thereby enabling layer 3 policies to be enforced without performing layer 3 authentication of 
the Mobile Node, wherein unorphaning the orphaned host object is performed without 
receiving login information from a user via the SSG-based network. 

16. (Currently Amended) An apparatus for performing layer 2 authentication of a Mobile 
Node supporting Mobile IP in an SSG-based network, comprising: 
a processor; and 

a memory, at least one of the processor or the memory being adapted for: 

obtaining layer 2 information including at least one of a MAC address or a username 
associated with the Mobile Node; 

performing layer 2 authentication of the Mobile Node using at least a portion of the 
layer 2 information or receiving a packet indicating that layer 2 authentication of the Mobile 
Node has been performed; 

generating an orphaned host object including the layer 2 information, wherein the 
orphaned host object is generated when layer 2 authentication of the Mobile Node has been 
performed; and 

unorphaning the orphaned host object when an IP address associated with the layer 2 
information is received such that the unorphaned host object includes the IP address and the 
layer 2 information, wherein the IP address associated with the layer 2 information is 
received without performing layer 3 authentication of the Mobile Node, thereby enabling 
layer 3 policies to be enforced without performing layer 3 authentication of the Mobile Node, 
wherein unorphaning the orphaned host object is performed without receiving login 
information from a user via the SSG-based network. 

17. (Previously Presented) The apparatus as recited in claim 16, at least one of the 
processor or the memory being further adapted for: 

enforcing layer 3 policies based upon the layer 2 authentication of the Mobile Node. 

18. (Previously Presented) The apparatus as recited in claim 16, at least one of the 
processor or the memory being further adapted for: 

enforcing layer 3 policies without performing layer 3 authentication. 

19. (Previously Presented) The apparatus as recited in claim 16, at least one of the 
processor or the memory being further adapted for: 

enforcing layer 3 policies by accessing the unorphaned host object. 

20. (Previously Presented) The apparatus as recited in claim 16, at least one of the 
processor or the memory being further adapted for: 

enforcing layer 3 policies based upon the IP address of the unorphaned host object. 

21. (Cancelled) 

22. (Currently Amended) The method as recited in claim 1, further comprising: 
wherein performing Layer 2 authentication of the Mobile Node is performed using an 
EAP-SIM protocol. 

23. (Currently Amended) The method as recited in claim 1, further comprising: 
authenticating wherein layer 2 authentication of the Mobile Node is performed using a 
LEAP protocol using the layer 2 information; 

wherein generating an orphaned host object including the layer 2 information is 
performed after the Mobile Node has been authenticated using the layer 2 information. 

24. (Currently Amended) The apparatus method as recited in claim 16 2^, wherein 
authenticating layer 2 authentication of the Mobile Node is performed using an EAP-SIM 
protocol. 